Privacy Policy

Effective date: Nov 10, 2019

OVERVIEW

The following Privacy Policy shall govern the lawful, fair and transparent processing of Personal Data of natural persons conducted by Bimosoft Corp. as the operator of Winglio.com Website and provider of the Winglio.com rent a company Service.

Certain terms used in this privacy policy, if not defined here, are defined by art. 2.1. of the Winglio Terms of Service (Hereafter: ToS).

Relevant persons pursuant to the Regulation EU 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, or „GDPR“):

  1. The Data Controller is
    Bimosoft Corp.
    Level 2, Lot 19, Lazenda Commercial Centre, Phase 3,
    87007
    F.T Labuan,
    Malaysia
    (hereafter: the „Controller“ and to be considered equivalent to “Winglio” or “we” or “our” or “us” as defined by the ToS);
  2. Pursuant to Art. 27 of the GDPR, the designated Representative of the Controller in the EU is
    Bimosoft Limited
    18-19 College Green
    Dublin
    Republic of Ireland

In line with the GDPR changes, we are updating our Privacy Policy so you can better understand why and how we collect, process and erase your data. We are committed to protecting and respecting your privacy. This Policy (together with the ToS and any other documents referred to within) sets out the legal basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

This Privacy Policy shall describe

  • the type of Personal Data we collect
  • the legal basis and legal requirements for Personal Data collection,
  • the scope, purpose and method of Personal Data collection,
  • the security measures to be undertaken to protect any and all collected Personal Data,
  • Personal Data management rights,
  • the time limit (duration) of storage of collected Personal Data.

WHAT PERSONAL DATA DO WE COLLECT?

We collect Personal Data of natural persons signed up as users of our Service (hereafter:  “Users” to be understood as equivalent to “Verified Users” or “Winglio Partners” as defined by the ToS). The Users themselves provide these Personal Data.

We also collect Personal Data of other natural persons (Clients as defined by the ToS as well as other “Third Parties”) provided to us by the User in the process of providing our Services.

We will inform you if providing some Personal Data is optional, including if we ask for your consent to process it. In all other cases, if you fail to provide the requested Personal Data, we may be unable to provide you with our Service.

We collect and/or process Personal Data when the User:

  1. signs up for our Services;
  2. browses our sites or uses our apps;
  3. uses our Services;
  4. applies for Shareholder status;
  5. applies for Cardholder status;
  6. requests to be issued a Prepaid Business card;
  7. submits business expenses and asset obtainment for approval.

A) Personal Data we collect and process when you sign up for our Services:

  1. First name
  2. Last name
  3. E-mail address
  4. Date of birth
  5. Gender
  6. Address
  7. Phone number
  8. City
  9. Postal Code
  10. Country
  11. Copy of a Users’ passport or national ID (both sides)
  12. Copy of a Users’ ID card or recent utility bill (electricity bill / phone bill / bank statement)
  13. User's digital signature

What do we use this Personal Data for?

This is the information we process to enable you to become a “Verified User”. Only a Verified User may enter into an Agreement with Winglio and may use our Services. Without these Personal Data we are unable to provide you with our Services.

These Personal Data may, with your consent, also be used to promote the Winglio Service and the Winvitation Sweepstakes rewards program.

B) Personal Data we collect when you browse our Website or use our apps:

  1. your IP address through the placement of cookies; and
  2. location data, which might be gained through your IP address or GPS data

This is information we collect by placing cookies on your devices, following your consent pursuant to our Cookie Policy.

What do we use this Personal Data for?

This is the information we collect while you browse our Website and use our apps, mainly to improve our Service. Read our Cookie Policy to find out more.

C) Personal Data we may collect and process while providing our Service:

  1. Users’ bank account information (name of bank, bank account number SWIFT number)
  2. amount and currency to be invoiced to a Client for services rendered
  3. type of service rendered to a Client

Furthermore, at this stage, the User may provide us with the following Client Personal Data (relevant only if a Client is a natural person):

  1. Clients' first and last name
  2. Clients' address
  3. Clients' e-mail address
  4. Clients' digital signature

Pertinent Personal Data protection information for Clients/Third Parties can be found here.

What do we use this Personal Data for?

This is information we collect in order to execute our Agreement with the User, which, in essence, means to act as a commission agent of the User and to issue an invoice to a Client or other Third Party.

D) Personal Data we collect and process when you apply for Shareholder status.

  1. Personal Data pertaining to Users’ shareholder status in other companies;
  2. Users’ academic background;
  3. Personal Data pertaining to Users’ business history;
  4. Personal Data pertaining to Users’ legal procedure history;
  5. Personal Data pertaining to Users’ criminal conviction history;
  6. Personal Data pertaining to Users’ regulatory authority procedure history;
  7. Users' digital signature

Furthermore, at this stage, the User may provide us with the following Third Party (Referee 1 & 2, Witness) Personal Data

  1. Third Party first and last name
  2. Third Party telephone number
  3. Third Party address
  4. Third Party profession
  5. Third Party company e-mail address
  6. Third Party personal e-mail address
  7. Third Party city, postal code and country of residence

Pertinent Personal Data protection information for Clients/Third Parties can be found here.

What do we use this Personal Data for?

This is information we need to collect in order to approve your Shareholder status application and to be able to execute a transfer of shares pursuant to relevant laws and regulations governing the transfer of company shares in Malaysia.

E) Personal Data we process when you apply for Cardholder status.

  1. Personal Data already collected as described in II.1.

What do we use this Personal Data for?

We process this Personal Data to be able to approve your Cardholder status application in accordance with the Cardholder Rules.

F) Personal Data we process when you request a Prepaid Business card.

  1. Your first name;
  2. Your last name;
  3. Your e-mail address;

What do we use this Personal Data for?

We provide the Personal Data to the Card Issuer after which you will be contacted by the Card Issuer and henceforth deal directly with the Card Issuer.

After contact with the Card Issuer, all your Personal Data collected and processed by the Card Issuer is collected and processed in accordance with the Card Issuer’s privacy policies.

G) Personal Data we collect and process when you submit business expenses and asset obtainment for approval.

  1. Cardholder/Authorized cardholder name and last name;
  2. Location of business expense and/or asset obtainment;
  3. Type of business expense and/or asset obtainment;
  4. Personal Data you choose to provide us when submitting documentation and commentary regarding the business expense and/or asset obtainment.

What do we use this Personal Data for?

We collect and process this Personal Data to determine whether a certain business expense and/or asset obtainment are to be considered as a business expense or as personal expense in accordance with the Cardholder Rules. We must process and keep this Personal Data to comply with financial and accounting regulations, depending on the jurisdiction.

HOW DO WE USE YOUR PERSONAL DATA

We may use the Personal Data you provide about yourself to fulfill your requests for our products, programs, and services, to respond to your inquiries about the Service, and to offer you other products, programs, or services we believe may be of interest to you. We may also use your Personal Data to administer sweepstakes and contests.

We may use or disclose your information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.

If we consider it necessary, we may disclose your Personal Data to third parties in good faith that such disclosure is reasonably necessary to (i) take action regarding suspected illegal activities; (ii) investigate, enforce or apply Winglio Terms of Service, Cardholder Rules, or this Privacy Policy; (iii) comply with legal process, such as a search warrant, subpoena, statute, or court order; or (iv) protect our rights, reputation, or property or that of our Users, affiliates, the public or other third parties. Please note that we are not required to question or contest the validity of any search warrant, subpoena, or other similar governmental request we may receive.

We use information about which links have been followed and whether an action has been taken on another party’s website in order to improve our offerings and customize the Service.

Technical and navigational information, such as computer browser type, IP address, pages visited, and average time spent on our the Winglio Website, may be used, for example, to alert you to software compatibility issues, or it may be analysed to improve our website design and functionality.

LEGAL BASIS FOR PROCESSING OF PERSONAL DATA

The legal basis for processing of Personal Data:

  1. Processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract;

    The processed Personal Data is necessary to enable us to enter into the Agreement with the User, to execute the Agreement and provide our Services pursuant to the Agreement within the scope of the Terms of Service and to enable us to act as a commission agent of the User.

    The processed Personal Data is also necessary to enable us to enter into a share transfer agreement with the prospective Shareholder, and to execute the share transfer pursuant to applicable laws and regulations.

    The processed Personal Data is necessary to enable us to provide our Cardholder status services as described and in accordance with the Cardholder Rules, including the use of a Prepaid Business card.
  2. Processing is necessary for compliance with a legal obligation to which the Controller is subject;
    Due to the nature of the Services provided by Winglio (payment, financial services, share transfer), we are legally obligated to process, store, and, if needed, reproduce Personal Data pertaining to financial transactions made by the User if so requested by law enforcement agencies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies and other bodies as required by law or regulation if such a request has sound legal basis.
    Furthermore, we must process and store certain Personal Data because we are legally obligated to allow the User to exercise his or her rights under the GDPR.
  3. Processing is necessary for the purposes of the legitimate interests pursued by the Controller;

    We collect your Personal Data for the following legitimate interests:
    • Provision of our financial products and Services;
    • Promotion of ideas and events relating to Services we provide;
    • Accuracy of User records;
    • Transparency of company ownership structure;
    • Maintenance of records of communications and management of your relationship with us;
    • To respond to your enquires;
    • To comply with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, fraud, anti-money laundering and anticorruption);
    • To carry out, in appropriate cases, KYC checks and other procedures that we undertake prior to you becoming a User;
    • Prevention and detection of fraud and other illegal activity or misconduct
    • For informing you about compliance with legal and regulatory obligations and provide related guidance.
  4. The User has given consent to the processing of his or her Personal Data for one or more specific purposes;

    Usually, this is the case when you request us to disclose your Personal Data to other people or organizations, or otherwise agree to disclosures.

    This is also the case when we ask to collect your Personal Data while you browse our Website, all in accordance with our Cookie Policy.

    This is also the case with all Personal Data we collect and process for promotional and marketing purposes.

DURATION OF RETENTION OF PERSONAL DATA

Due to the sensitive nature of our Service (payment and financial services, transfer of company shares) we retain your Personal Data to protect our legitimate business interests and to meet legal obligations for a minimum period required by law, which in any case may be no shorter than 10 years after your User account closure, or after your User Account has been deemed inactive.

Personal Data collected exclusively for promotional purposes shall be retained for no shorter than 3 years after such Personal Data processing consent is given.

After this period has passed your Personal Data (will be automatically deleted, or/and deleted per your request).

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We may share your Personal Data with the following types of recipients:

  1. With companies in our business group, sub-contractors, third-party service providers and partners who provide data processing services to us, such as but not limited to payment processing, other payment and money withdrawal issues, legal and financial advisory services, IT-support, etc. All such parties are obligated to use your Personal Data in accordance with this our internal privacy Document, this Privacy Policy and our ToS.
  2. With any competent law enforcement body, regulatory authority, government agency, court of law or other third party where we believe disclosure is necessary
    1. as a matter of applicable law or regulation,
    2. to exercise, establish or defend our legal rights, or
    3. to protect your vital interests or those of any other person.
  3. With a potential or actual buyer (and its agents and advisers) in connection with any proposed or actual purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information solely for the purposes disclosed in this Privacy Policy.
  4. With the Card Issuer as described in II.6. This is done exclusively pursuant to your explicit request to become an Authorized Cardholder.
  5. With any other person, such as Clients and Third Parties, with your consent for such disclosure.

Except as otherwise stated in this Privacy Policy, we generally do not sell, trade, rent or share Personal Data that we collect with third parties unless we have your consent to do so.

CLIENT AND THIRD PARTY INFORMATION

During the provision of our Service, the User provides us with Personal Data regarding his/our Client (if the Client is a natural person).

Should the User apply for Shareholder status, the User shall provide us with Personal Data regarding Thirds Persons (Referee 1 & 2, Witness)

Both the User providing us with Client data, and the User applying for Shareholder status providing us with Third Persons data are contractually obligated to inform the Client/Third Person that their data shall be shared and processed by Winglio, and will provide them with the link to this Privacy Policy wherein they can find all the information about their Personal Data that is being Processed by Winglio, as well as their data privacy rights.

Pursuant to applicable regulations, we provide Clients and Third Persons with the following information:

  1. identity and contact details of the data controller, representative and data protection officer

    Data controller – Here
    Representative – Here
    Data Protection Officer – Here
  2. purpose and legal basis for processing Personal Data:

    Purpose for processing – Here
    Legal basis for processing – Here
  3. recipients or categories of recipients of Personal Data

    Recipients or categories of recipients – Here
  4. period for which the Personal Data will be stored or criteria used to determine that period

    Period for which the Personal Data will be store – Here
  5. when processing is based on the legitimate interests pursued by the controller or this party

    Legitimate interests of the controller – Here
  6. right to request controller access to, rectification and erasure of Personal Data and/or restriction of processing, right of data portability, right to lodge a complaint with a supervisory authority

    Data subject rights – Here
  7. source of Personal Data – the source of Personal Data of third persons is always the User, either as the provider of Client data when using our Services, or the provider of Third Person data as a prospective Shareholder status User.

HOW DO WE PROTECT YOUR PERSONAL DATA?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration.  The security measures include firewalls, data encryption, physical access controls to our data centers and information access authorization controls.  While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. 

We do not store, transmit, or process any customer credit card information provided to us at any time during, or after the sale. Any payment information provided is transmitted to a 3rd party via a secured socket layer.

WHAT ARE YOUR DATA PROTECTION RIGHTS?

You have the following data protection rights:

  1. To access, correct, update or request deletion of your personal information. You may do so by contacting us using the information in the "Contact Us" section below.
  2. To object to the processing of your personal information (which is processed on the grounds of legitimate interests), ask us to restrict processing of your personal information or request portability of your personal information. Again, you may do so by contacting us using the information in the "Contact Us" section below.
  3. To opt out of marketing communications we send you, at any time. You can exercise this right by clicking on the “unsubscribe/opt out” link in the marketing communications we send you or by contacting us using the information in the "Contact Us" section below.
  4. If we are processing your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted pursuant to lawful processing grounds other than consent. You may do so by contacting us using the details at "Contact Us" heading below.
  5. You have the right to file a complaint with a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

AUTOMATED DATA PROCESSING

We use automated data processing (automated decision making) to automatically provide our Users with certain opportunities, bonuses, and amenities based on their use of the Service. Should certain conditions are met (as provided by the ToS), Winglio shall automatically send an e-mail to certain Users giving them an opportunity to access certain Winglio bonuses and amenities.

Users are not under any obligation to accept these offers.

TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES

A network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers support our operations. We and our third-party service providers store and process your Personal Data in the European Union. We will protect your information as described in this Privacy Policy if your Personal Data is transferred to other countries.  By using our Website and Services, you consent to your Personal Data being transferred to other countries, including countries that have different data protection rules than your country. 

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, in accordance with the significance of the changes we make. The revised Privacy Policy will be effective as of the published effective date. 

CONTACT US

You may contact us if you have general questions about our Privacy Policy and practices or questions about your Account information or Personal Data. 

Winglio EU Representative:
Bimosoft Limited
18-19 College Green
Dublin 2
Republic of Ireland
E-mail: datarepresentative@winglio.com

Winglio Data Protection Officer:
Bimosoft Corp.
Level 2, Lot 19, Lazenda Commercial Centre, Phase 3,
87007
F.T Labuan,
Malaysia
E-mail: dataprotection@winglio.com